IBM MQ Appliance denial of service | CVE-2023-45177
NAME__________IBM MQ Appliance denial of servicePlatforms Affected:IBM MQ Appliance 9.3 CD IBM MQ 9.0 LTS IBM MQ 9.1 LTS IBM...
Month: November 2023
Online Examination System open redirect | CVE-2023-45203
NAME__________Online Examination System open redirectPlatforms Affected:Risk Level:6.1Exploitability:Proof of ConceptConsequences:Other DESCRIPTION__________Online Examination System could allow a remote attacker to conduct phishing...
Online Examination System open redirect | CVE-2023-45201
NAME__________Online Examination System open redirectPlatforms Affected:Risk Level:6.1Exploitability:Proof of ConceptConsequences:Other DESCRIPTION__________Online Examination System could allow a remote attacker to conduct phishing...
Microsoft Exchange Server server-side request forgery |
NAME__________Microsoft Exchange Server server-side request forgeryPlatforms Affected:Microsoft Exchange ServerRisk Level:7.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Microsoft Exchange Server is vulnerable to server-side request forgery,...
Microsoft Edge (Chromium-based) spoofing | CVE-2023-36029
NAME__________Microsoft Edge (Chromium-based) spoofingPlatforms Affected:Microsoft Edge (Chromium-based) 118.0 Microsoft Edge (Chromium-based) 119.0Risk Level:4.3Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Microsoft Edge (Chromium-based) could allow a...
Microsoft Exchange Server code execution |
NAME__________Microsoft Exchange Server code executionPlatforms Affected:Microsoft Exchange ServerRisk Level:7.5Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Microsoft Exchange Server could allow a remote authenticated attacker to...
Mitsubishi Electric MELSEC iQ-F Series CPU Module denial of service | CVE-2023-4625
NAME__________Mitsubishi Electric MELSEC iQ-F Series CPU Module denial of servicePlatforms Affected:Mitsubishi Electric FX5U-xMy/z x=326480 y=TR z=ESDSESSDSS Mitsubishi Electric FX5UC-xMy/z x=326496...
Microsoft Exchange Server server-side request forgery |
NAME__________Microsoft Exchange Server server-side request forgeryPlatforms Affected:Microsoft Exchange ServerRisk Level:7.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Microsoft Exchange Server is vulnerable to server-side request forgery,...
Mattermost Desktop information disclosure | CVE-2023-5920
NAME__________Mattermost Desktop information disclosurePlatforms Affected:Mattermost Mattermost Desktop 5.5.0Risk Level:2.9Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Mattermost Desktop could allow a local attacker to obtain sensitive...
pkp/pkp-lib cross-site scripting | CVE-2023-5890
NAME__________pkp/pkp-lib cross-site scriptingPlatforms Affected:pkp pkp-lib 3.4.0-3Risk Level:4.6Exploitability:HighConsequences:Cross-Site Scripting DESCRIPTION__________pkp/pkp-lib is vulnerable to cross-site scripting, caused by improper validation of user-supplied...
Microsoft Edge (Chromium-based) code execution | CVE-2023-36022
NAME__________Microsoft Edge (Chromium-based) code executionPlatforms Affected:Microsoft Edge (Chromium-based) 118.0 Microsoft Edge (Chromium-based) 119.0Risk Level:6.6Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Microsoft Edge (Chromium-based) could allow...
Microsoft Edge (Chromium-based) code execution | CVE-2023-36034
NAME__________Microsoft Edge (Chromium-based) code executionPlatforms Affected:Microsoft Edge (Chromium-based) 118.0 Microsoft Edge (Chromium-based) 119.0Risk Level:6.6Exploitability:UnprovenConsequences:Gain Access DESCRIPTION__________Microsoft Edge (Chromium-based) could allow...
Mattermost Desktop denial of service | CVE-2023-5876
NAME__________Mattermost Desktop denial of servicePlatforms Affected:Mattermost Mattermost Desktop 5.5.0Risk Level:3.1Exploitability:UnprovenConsequences:Denial of Service DESCRIPTION__________Mattermost Desktop is vulnerable to a denial of...
Microsoft Exchange Server server-side request forgery |
NAME__________Microsoft Exchange Server server-side request forgeryPlatforms Affected:Microsoft Exchange ServerRisk Level:7.1Exploitability:UnprovenConsequences:Obtain Information DESCRIPTION__________Microsoft Exchange Server is vulnerable to server-side request forgery,...
48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems
A new set of 48 malicious npm packages have been discovered in the npm repository with capabilities to deploy a...
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks
The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution (RCE) flaw to breach networks and encrypt...
Boeing confirms cyberattack amid LockBit ransomware claims
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed...
Your end-users are reusing passwords – that’s a big problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. The danger is often hidden until...
Okta hit by third-party data breach exposing employee information
Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was...
Cloudflare Dashboard and APIs down after data center power outage
An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces (APIs) customers...
Ace Hardware says 1,202 devices were hit during cyberattack
Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to...
BlackCat ransomware claims breach of healthcare giant Henry Schein
The BlackCat (ALPHV) ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes...
Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems
U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems,...
Atlassian warns of exploit for Confluence data wiping bug, get patching
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used...
